QEMU Floppy Disk Controller fdctrl_handle_drive_specification_command Virtual Machine Escape Exploit (VENOM) Update

The fdctrl_handle_drive_specification_command() function in the code that emulates the Floppy Disk Controller in QEMU does not properly reset the index within a buffer when processing user-controlled data, leading to a heap-based buffer overflow in the QEMU process that runs on the Host system. An attacker running code within a Guest operating system can exploit this vulnerability in order to escape from the QEMU virtual machine and execute arbitrary code on the Host operating system. This update adds support for exploiting 64-bit guest systems.
Exploit type: 
Platform: 
Vulnerability ID: CVE-2015-3456
Product Version: 2014_R2
Released Date: Wednesday, August 12, 2015 - 00:00